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However, some smaller computer networks/systems currently generate, on 


average, 750,000 events per day. During peak times such systems may generate over LOOO.OOO 
events in one hour. More complicated systems, however, generate approximately 3,000,000 
events per hour, on average. Peaks of well over 20,000,000 events per hour are not uncommon 
for such complicated systems. Therefore, human analysis of this huge amount of events is not 


possible, and Th e r e for e , there exists a need for a self-diagnosing network security system that 
can protect a target network from both intemal and external intruders and that is resistant to 
attacks perpetrated on the system it has been deployed to protect. Furthermore, there is a need 
for an active security system that will take measured action against perceived security threats 
even in the absence of a human network manager. 


Preferably, the security system defined herein is embedded as a software package 
and implemented on computers comprising at least a master system and the security subsystem. 


The security subsystem and master system are able to accept and correlate events from a 
plurality of devices without any human control. 
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